CCNA CyberOps SECOPS – Objective 3.6

Identify these elements used for server profiling: Listening ports, Logged in users/service accounts, Running processes, Running tasks, Applications

Implementing Cisco Cybersecurity Operations (210-255)

Server profiling helps to establish what type of server is running and what applications are running on it. Used in baselining, it can help to show when malicious services have been added to a server.

  • Listening ports: Ports that show as listening in a scan (Nmap) indicate that an application is running on that port. Well-known ports can help to indicate what kind of service is running.
  • Logged in users/service accounts: Know what is normal and who should be accessing the server.
  • Running processes: In baselining, knowing what should be running; in forensics, determining what malicious processes exist.
  • Running tasks: Tasks are spawned by processes
  • Applications: Knowing what applications are running on a server allows you to know what potential vulnerabilities could be there.
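
The baselining idea above, applied to listening ports, as an added example that is not part of the original notes: it parses output in the style of `ss -H -tlnp` and compares it with an approved baseline. The sample output, the `BASELINE` table and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of `ss -H -tlnp` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22     0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 128      [::]:22        [::]:*  users:(("sshd",pid=812,fd=4))
LISTEN 0 511   0.0.0.0:443    0.0.0.0:*  users:(("nginx",pid=1033,fd=6))
LISTEN 0 5     0.0.0.0:8081   0.0.0.0:*  users:(("python3",pid=2210,fd=3))
LISTEN 0 4096  127.0.0.1:5432 0.0.0.0:*
"""

# Hypothetical approved baseline: port -> expected process name.
BASELINE = {22: "sshd", 443: "nginx", 5432: "postgres", 25: "master"}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Return {port: set of process names} for every LISTEN line."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the fourth field; rsplit copes with IPv6 like [::]:22.
        port = int(fields[3].rsplit(":", 1)[1])
        m = PROC_RE.search(line)
        # The process column is absent when ss cannot see the socket's owner.
        listeners.setdefault(port, set()).add(m.group(1) if m else "unknown")
    return listeners

def compare_to_baseline(listeners, baseline):
    """Classify deviations: new ports, wrong owner, missing expected ports."""
    findings = {"unexpected": [], "mismatch": [], "missing": []}
    for port, procs in sorted(listeners.items()):
        if port not in baseline:
            findings["unexpected"].append((port, sorted(procs)))
        elif procs != {baseline[port]}:
            findings["mismatch"].append((port, sorted(procs), baseline[port]))
    findings["missing"] = sorted(set(baseline) - set(listeners))
    return findings

if __name__ == "__main__":
    report = compare_to_baseline(parse_listeners(SAMPLE_SS), BASELINE)
    for kind, items in report.items():
        print(kind, items)
```

A listener whose owner is not visible is reported as a mismatch so that it gets reviewed rather than silently accepted.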